Ralph B wrote:
I've tried to set up spamassissin approximately as described in
http://wiki.apache.org/spamassassin/SiteWideBayesSetup.

When my users (only 5 of us) receive a spam we redirect it to
[EMAIL PROTECTED] Periodically I do a "sa-learn --showdots --mbox --spam
/home/spam/mbox" from root.

Spamassassin's local.cf contains:
required_hits 5
rewrite_subject 1
subject_tag [SPAM]

Are you using a *REALLY* old spamassassin? if not, rewrite_subject and subject_tag become obsolete as of SpamAssassin 3.0.0.

The current format is
rewrite_header Subject [SPAM]

However, none of that is relevant under mailscanner, so I'd just delete the rewrite_subject and subject_tag lines. They're ancient, so SpamAssassin won't understand them (and will generate lint warnings on them), and MailScanner over-rides them.

While you're at it, you might want to run spamassassin --lint to see if there are any other configfile errors.

report_safe 0
bayes_path /etc/mail/spamassassin/bayes/bayes
bayes_file_mode 0777
use_bayes 1

That should create a global bayes db for all invocations of SpamAssassin.. What are the permissions on the directory /etc/mail/spamassassin/bayes/? Are they 777? (note: I'm asking about the directory, not the files in it)




And each user has a .procmailrc with contents
MAILDIR=$HOME/mail

:0 H
* ^X-Spam-Status: Yes
{
EXITCODE=67
:0:
spam
}

This all seems to work OK, with most spams successfully being marked as
[SPAM] (for BAYES_99) and then dumped in user's spam folder.

However, when I occasionally visit the mbox of user "spam", I find that
many more mails are identified as [SPAM] than are at the users' own
mboxes.

i.e. User "fred" sees spam which is NOT identified as [SPAM], he redirects
it to user "spam" and, for user "spam" it IS identified as [SPAM].

So, my question is, why is filtering working better for user "spam" than
for the other users? And how do I get the other users' mboxes filtered so
well as user "spam"?

My guess is your redirects aren't really transparent, and are rewriting the headers. Have you checked to make sure the original headers (ie: Received:) are unmodified?

If the headers are replaced, this mechanism is essentially training SpamAssassin that redirected mail is spam. Which means every time a message gets redirected, it looks a lot more like spam than it did before..



Reply via email to